
LOG-5 Security Event Review


What is this control about?

Each security event that generates an alert must be reviewed and tracked to remediation.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t personally used them.

Logging Tools:

  • Zabbix
  • DataDog
  • ManageEngine

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

  • N/A – no template recommendations

Control implementation

Note: This control is 100% automated by TrustCloud. Connect your system to enjoy the benefit of automation.

For a manual implementation: 

Implement a review capability within the monitoring and logging tool by tracking each security event alert notification through triage to remediation. It is up to each company to decide the format. Typically, every alert notification is expected to be logged in a ticket in which the remediation activities are documented.

What evidence do auditors look for?

At a minimum, most auditors look for the suggested actions below:

  • Provide a screenshot of the review capability within the tool
  • Provide an example of an alert received and its remediation

Evidence example

An example is provided below for each of the suggested actions above.

1. Provide a screenshot of the review capability within the tool.

Example of security event alerts

[Image: LOG 5 screenshot1]

2. Provide an example of an alert received and remediation.

Example of email alert

[Image: LOG 5 screenshot2]

 

Remediation can be documented in a JIRA ticket or within the tool.

[Image: LOG 5 screenshot3]
